A 360° approach to cybersecurity
Designing inherently secure, data-protected solutions is part of March Networks’ DNA, tracing back to our deep roots in information technology and networking. Our holistic approach to cybersecurity involves a 360° view of all aspects of our business, encompassing our products, the people who build them, and the processes that guide us. We’re also committed to helping our customers understand and address the European Union’s General Data Protection Regulation (GDPR) as it relates to video surveillance and video-based business intelligence.
Download our GDPR Guide
March Networks has a long history of delivering secure products. For more than 20 years, we’ve developed enterprise-class networked video solutions for some of the world’s largest banks, organizations that demand only the highest cybersecurity standards from their vendors. From day one, the principle of privacy-by-design has guided our product development, and we’ve incorporated features that limit unauthorized access to our devices. We continue to work closely with our customers, partners and legal counsel to understand and address varying data privacy requirements around the world.
We are constantly evaluating our security practices, and because of our work with Fortune 500 companies, regularly undergo security audits that analyze our business policies and practices, and the security of our products.
All March Networks products are designed with cybersecurity in mind. Our network video recorders (NVRs) and IP cameras pass rigorous IT testing, including ethical hacks to assess and resolve potential cyber weaknesses. We also use independent third-party penetration testing to further confirm security integrity. For our 8000 Series, 9000 Series and RideSafe Series Recorders, this testing detected no IP-based direct or indirect network communications nor any routing or redirecting of data traffic that could be used to exfiltrate or expose user data. The Linux-based Operating Systems in our NVRs are custom-built to help safeguard against vulnerabilities, and all March Networks products use a sophisticated one-time password mechanism. We do not use fixed or backdoor passwords on any of our devices.
Cybersecurity is also at the forefront of our research and development, and plays a leading role in the release of any new March Networks product. We continue to build new privacy features into our products, features that will go beyond what may be considered legislated in the European Union’s General Data Protection Regulation (GDPR). Read our Guide to GDPR and Intelligent Video for specifics on product features as they relate to this legislation.
Because cybersecurity is a joint effort, March Networks also develops tools to help our partners ensure the security of their video surveillance installations. Our industry-first GURU Smartphone App helps our partners by analyzing how secure the configuration of installed March Networks recorders is against a list of potential weaknesses. It then recommends ways to harden the system, such as changing a default password. Technicians can email the complete list of recommendations to themselves, a supervisor or customer for future reference. GURU’s unique auditing tool offers a fast and easy way for our partners to review the security of installations, and harden installations where possible.
Because data breaches can occur anywhere in an organization, all March Networks employees undertake mandatory cybersecurity training. Training is completed annually, and covers best practices for Internet security and maintaining data privacy and integrity. We have reviewed and implemented the 13 security controls established by the Canadian Centre for Cyber Security to mitigate cyber threats and have earned a CyberSecure Canada Certification.
March Networks takes a proactive, transparent approach to cybersecurity communications. We have a dedicated team who constantly monitors our products for vulnerabilities and communicates all necessary information through our Security Updates and Advisories program.
With this program, we are committed to: 1) immediately assessing a vulnerability once we’ve been alerted to it, to determine if it affects our products; 2) addressing the vulnerability via a patch or software release, if required; and 3) communicating with our partners.
Notifications affecting our products are posted directly on our corporate website. Both partners and end user customers can sign up to receive alerts each time the webpage is updated with a new advisory.